Malware Modification Contest Has Antivirus Vendors Upset

← Back to Stories (view on slashdot.org)

Malware Modification Contest Has Antivirus Vendors Upset

Posted by Soulskill on Sunday April 27, 2008 @05:07AM from the would-you-like-a-tissue dept.

SkiifGeek writes "Race to Zero, a sideline competition being set up at this year's DefCon, already has some Antivirus vendors steaming over the objectives of the contest. They are upset because it is essentially a polymorphism exercise. Entrants are given a set of malware samples which they must then modify to pass through a battery of antivirus scanners without detection while still carrying a viable payload. Even if competitors ignore the published vulnerabilities and weaknesses affecting antivirus vendors, the competition should turn up some interesting results. It may provide technical insight and concepts for further research as similar competitions have done in the past."

4 of 167 comments (clear)

Oh no! by i_liek_turtles · 2008-04-27 05:11 · Score: 5, Insightful

We may have to fix our software!
Why should this upset them? by FlyByPC · 2008-04-27 05:12 · Score: 5, Insightful

By having some top-notch creative talent (never mind which color hat they're wearing) take a stab at creating new styles of malware under controlled conditions, they're giving the antivirus vendors a great opportunity to study these creations -- and therefore to be better able to protect against them.

Heck, if I were Symantec, McAffee et al -- I'd take the opportunity to try to *recruit* programmers who had interesting entries in the contest! (Better to have them working for you, right?)

--
Paleotechnologist and connoisseur of pretty shiny things.
1. Re:Why should this upset them? by Anonymous Coward · 2008-04-27 05:21 · Score: 5, Informative
  
  The antivirus vendors are in business to make money. Every one of these issues they have to deal with equates to lost money.
Can you say Ralph Nader? by zappepcs · 2008-04-27 05:20 · Score: 5, Insightful

What would happen if Ralph got involved in the computer antivirus field?

lets translate FTFA
"It will do more harm than good to our company," said Paul Ferguson, a researcher with antivirus vendor TrendMicro. "Responsible disclosure is one thing, but now actually encouraging people to do this (as if the NSA isn't already doing so), as a contest is a little over the top.When really smart people start working on malicious software, we won't be able to keep up" Bold edits added by me.

How about this slogan "Unsafe with any version!"

I think they are afraid that regular joe end users are about to find out that programs meant to protect your pc are always an after the fact effort which leaves you vulnerable until you update and that there is no way to keep you safe from a zero-day facebook exploit. Even the government websites can be malicious until patched/fixed.

And soon, the conclusion will be ... uh, why pay for that. Spybot search and destroy is free, and ClamAV is free. I can just give them a one time donation and get just as good of protection... hmmmm These pricey programs really can't do all that much.

Wow, it would be such a shame if joe bloggs end user found out the truth. tisk tisk

--
Support NYCountryLawyer RIAA vs People